scripts/nmap2certs at master · sidaf/scripts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
#!/usr/bin/env ruby

$stderr.sync = true

begin
  require 'nmap/xml'
rescue LoadError
  STDERR.puts "The ruby-nmap gem could not be loaded, is it installed?"
  STDERR.puts "-> gem install ruby-nmap"
  exit
end
begin
  require "docopt"
rescue LoadError
  STDERR.puts "The docopt gem could not be loaded, is it installed?"
  STDERR.puts "-> gem install docopt"
  exit
end
require "set"

doc = <<DOCOPT
Parse nmap xml output and print out certificates enuemrated by the ssl-cert NSE script.

Usage:
  #{__FILE__} <xml>...
  #{__FILE__} -h | --help

Options:
  -h --help     Show this output.

DOCOPT

begin
  options = Docopt::docopt(doc)
rescue Docopt::Exit => e
  STDERR.puts e.message
  exit
end

# check arguments

options['<xml>'].each do |file|
  if not File.exists?(file)
    STDERR.puts "[!] #{file} does not exist!"
    exit 1
  end
end

# variables

targets = Hash.new

# process nmap xml files

options['<xml>'].each do |nmap|
  Nmap::XML.new(nmap) do |xml|
    xml.each_host do |host|

      unless targets.include? host.ip
        targets[host.ip] = SortedSet.new
      end

      host.each_port do |port|
        port.scripts.each do |name, output|
          next unless name == "ssl-cert"
          output.each_line do |line|
            if line.include? "Subject: commonName="
              cert = line.split("=", 2).last.strip
              if cert.include? "/"
                targets[host.ip] << cert.split("/", 2).first
              else
                targets[host.ip] << cert
              end
            elsif line.include? "Subject Alternative Name:"
              cert = line.split(":", 2).last.strip
              if cert.include? ","
                cert.split(",").each do |san|
                  if san.include? "DNS:"
                    targets[host.ip] << san.split(":").last.strip
                  end
                end
              else
                targets[host.ip] << cert.strip
              end
            end
          end
        end
      end
    end
  end
end

targets.each do |ip, hostnames|
  hostnames.each do |hostname|
    puts "#{ip},#{hostname}"
  end
end